Upload
dodiep
View
213
Download
0
Embed Size (px)
Citation preview
acme-python DocumentationRelease 0
Let’s Encrypt Project
Jun 28, 2019
Contents
1 API Documentation 31.1 Challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31.2 Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91.3 Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181.4 Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191.5 JOSE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201.6 Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201.7 Standalone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
2 Indices and tables 29
Python Module Index 31
Index 33
i
ii
acme-python Documentation, Release 0
Contents:
Contents 1
acme-python Documentation, Release 0
2 Contents
CHAPTER 1
API Documentation
1.1 Challenges
Internal class delegating to a module, and displaying warnings when attributes related to TLS-SNI-01 are accessed.
class acme.challenges.Challenge(**kwargs)Bases: josepy.json_util.TypedJSONObjectWithFields
ACME challenge.
classmethod from_json(jobj)Deserialize ACME object from valid JSON object.
Raises josepy.errors.UnrecognizedTypeError – if type of the ACME object hasnot been registered.
class acme.challenges.ChallengeResponse(**kwargs)Bases: josepy.json_util.TypedJSONObjectWithFields
ACME challenge response.
class acme.challenges.DNS(**kwargs)Bases: acme.challenges._TokenChallenge
ACME “dns” challenge.
LABEL = '_acme-challenge'Label clients prepend to the domain name being validated.
gen_validation(account_key, alg=RS256, **kwargs)Generate validation.
Parameters
• account_key (JWK) – Private account key.
• alg (JWA) –
Returns This challenge wrapped in JWS
3
acme-python Documentation, Release 0
Return type JWS
check_validation(validation, account_public_key)Check validation.
Parameters
• validation (JWS) –
• account_public_key (JWK) –
Return type bool
gen_response(account_key, **kwargs)Generate response.
Parameters
• account_key (JWK) – Private account key.
• alg (JWA) –
Return type DNSResponse
validation_domain_name(name)Domain name for TXT validation record.
Parameters name (unicode) – Domain name being validated.
class acme.challenges.DNS01(**kwargs)Bases: acme.challenges.KeyAuthorizationChallenge
ACME dns-01 challenge.
response_clsalias of DNS01Response
LABEL = '_acme-challenge'Label clients prepend to the domain name being validated.
validation(account_key, **unused_kwargs)Generate validation.
Parameters account_key (JWK) –
Return type unicode
validation_domain_name(name)Domain name for TXT validation record.
Parameters name (unicode) – Domain name being validated.
class acme.challenges.DNS01Response(**kwargs)Bases: acme.challenges.KeyAuthorizationChallengeResponse
ACME dns-01 challenge response.
simple_verify(chall, domain, account_public_key)Simple verify.
This method no longer checks DNS records and is a simple wrapper aroundKeyAuthorizationChallengeResponse.verify .
Parameters
• chall (challenges.DNS01) – Corresponding challenge.
• domain (unicode) – Domain name being verified.
4 Chapter 1. API Documentation
acme-python Documentation, Release 0
• account_public_key (JWK) – Public key for the key pair being authorized.
Returns True iff verification of the key authorization was successful.
Return type bool
class acme.challenges.DNSResponse(**kwargs)Bases: acme.challenges.ChallengeResponse
ACME “dns” challenge response.
Parameters validation (JWS) –
check_validation(chall, account_public_key)Check validation.
Parameters
• chall (challenges.DNS) –
• account_public_key (JWK) –
Return type bool
class acme.challenges.HTTP01(**kwargs)Bases: acme.challenges.KeyAuthorizationChallenge
ACME http-01 challenge.
response_clsalias of HTTP01Response
URI_ROOT_PATH = '.well-known/acme-challenge'URI root path for the server provisioned resource.
pathPath (starting with ‘/’) for provisioned resource.
Return type string
uri(domain)Create an URI to the provisioned resource.
Forms an URI to the HTTPS server provisioned resource (containing token).
Parameters domain (unicode) – Domain name being verified.
Return type string
validation(account_key, **unused_kwargs)Generate validation.
Parameters account_key (JWK) –
Return type unicode
class acme.challenges.HTTP01Response(**kwargs)Bases: acme.challenges.KeyAuthorizationChallengeResponse
ACME http-01 challenge response.
PORT = 80Verification port as defined by the protocol.
You can override it (e.g. for testing) by passing port to simple_verify .
WHITESPACE_CUTSET = '\n\r\t 'Whitespace characters which should be ignored at the end of the body.
1.1. Challenges 5
acme-python Documentation, Release 0
simple_verify(chall, domain, account_public_key, port=None)Simple verify.
Parameters
• chall (challenges.SimpleHTTP) – Corresponding challenge.
• domain (unicode) – Domain name being verified.
• account_public_key (JWK) – Public key for the key pair being authorized.
• port (int) – Port used in the validation.
Returns True iff validation with the files currently served by the HTTP server is successful.
Return type bool
class acme.challenges.KeyAuthorizationChallenge(**kwargs)Bases: acme.challenges._TokenChallenge
Challenge based on Key Authorization.
Parameters
• response_cls – Subclass of KeyAuthorizationChallengeResponse that willbe used to generate response.
• typ (str) – type of the challenge
key_authorization(account_key)Generate Key Authorization.
Parameters account_key (JWK) –
Rtype unicode
response(account_key)Generate response to the challenge.
Parameters account_key (JWK) –
Returns Response (initialized response_cls) to the challenge.
Return type KeyAuthorizationChallengeResponse
validation(account_key, **kwargs)Generate validation for the challenge.
Subclasses must implement this method, but they are likely to return completely different data structures,depending on what’s necessary to complete the challenge. Interpretation of that return value must beknown to the caller.
Parameters account_key (JWK) –
Returns Challenge-specific validation.
response_and_validation(account_key, *args, **kwargs)Generate response and validation.
Convenience function that return results of response and validation.
Parameters account_key (JWK) –
Return type tuple
class acme.challenges.KeyAuthorizationChallengeResponse(**kwargs)Bases: acme.challenges.ChallengeResponse
6 Chapter 1. API Documentation
acme-python Documentation, Release 0
Response to Challenges based on Key Authorization.
Parameters key_authorization (unicode) –
verify(chall, account_public_key)Verify the key authorization.
Parameters
• chall (KeyAuthorization) – Challenge that corresponds to this response.
• account_public_key (JWK) –
Returns True iff verification of the key authorization was successful.
Return type bool
to_partial_json()Get JSON serializable object.
Returns Serializable JSON object representing ACME typed object. validate() willalmost certainly not work, due to reasons explained in josepy.interfaces.IJSONSerializable.
Return type dict
class acme.challenges.TLSALPN01(**kwargs)Bases: acme.challenges.KeyAuthorizationChallenge
ACME tls-alpn-01 challenge.
This class simply allows parsing the TLS-ALPN-01 challenge returned from the CA. Full TLS-ALPN-01 sup-port is not currently provided.
response_clsalias of TLSALPN01Response
validation(account_key, **kwargs)Generate validation for the challenge.
class acme.challenges.TLSALPN01Response(**kwargs)Bases: acme.challenges.KeyAuthorizationChallengeResponse
ACME TLS-ALPN-01 challenge response.
This class only allows initiating a TLS-ALPN-01 challenge returned from the CA. Full support for responding toTLS-ALPN-01 challenges by generating and serving the expected response certificate is not currently provided.
class acme.challenges.TLSSNI01(**kwargs)Bases: acme.challenges.KeyAuthorizationChallenge
ACME tls-sni-01 challenge.
response_clsalias of TLSSNI01Response
validation(account_key, **kwargs)Generate validation.
Parameters
• account_key (JWK) –
• cert_key (OpenSSL.crypto.PKey) – Optional private key used in certificate gen-eration. If not provided (None), then fresh key will be generated.
Return type tuple of OpenSSL.crypto.X509 and OpenSSL.crypto.PKey
1.1. Challenges 7
acme-python Documentation, Release 0
class acme.challenges.TLSSNI01Response(**kwargs)Bases: acme.challenges.KeyAuthorizationChallengeResponse
ACME tls-sni-01 challenge response.
DOMAIN_SUFFIX = '.acme.invalid'Domain name suffix.
PORT = 443Verification port as defined by the protocol.
You can override it (e.g. for testing) by passing port to simple_verify .
zz value used for verification.
Rtype bytes
z_domainDomain name used for verification, generated from z.
Rtype bytes
gen_cert(key=None, bits=2048)Generate tls-sni-01 certificate.
Parameters
• key (OpenSSL.crypto.PKey) – Optional private key used in certificate generation.If not provided (None), then fresh key will be generated.
• bits (int) – Number of bits for newly generated key.
Return type tuple of OpenSSL.crypto.X509 and OpenSSL.crypto.PKey
probe_cert(domain, **kwargs)Probe tls-sni-01 challenge certificate.
Parameters domain (unicode) –
verify_cert(cert)Verify tls-sni-01 challenge certificate.
Parameters cert (OpensSSL.crypto.X509) – Challenge certificate.
Returns Whether the certificate was successfully verified.
Return type bool
simple_verify(chall, domain, account_public_key, cert=None, **kwargs)Simple verify.
Verify validation using account_public_key, optionally probe tls-sni-01 certificate and checkusing verify_cert.
Parameters
• chall (challenges.TLSSNI01) – Corresponding challenge.
• domain (str) – Domain name being validated.
• account_public_key (JWK) –
• cert (OpenSSL.crypto.X509) – Optional certificate. If not provided (None) cer-tificate will be retrieved using probe_cert.
• port (int) – Port used to probe the certificate.
8 Chapter 1. API Documentation
acme-python Documentation, Release 0
Returns True iff client’s control of the domain has been verified.
Return type bool
class acme.challenges.UnrecognizedChallenge(jobj)Bases: acme.challenges.Challenge
Unrecognized challenge.
ACME specification defines a generic framework for challenges and defines some standard challenges thatare implemented in this module. However, other implementations (including peers) might define additionalchallenge types, which should be ignored if unrecognized.
Variables jobj – Original JSON decoded object.
to_partial_json()Get JSON serializable object.
Returns Serializable JSON object representing ACME typed object. validate() willalmost certainly not work, due to reasons explained in josepy.interfaces.IJSONSerializable.
Return type dict
classmethod from_json(jobj)Deserialize ACME object from valid JSON object.
Raises josepy.errors.UnrecognizedTypeError – if type of the ACME object hasnot been registered.
class acme.challenges._TokenChallenge(**kwargs)Bases: acme.challenges.Challenge
Challenge with token.
Variables token (bytes) –
TOKEN_SIZE = 16Minimum size of the token in bytes.
good_tokenIs token good?
Todo: acme-spec wants “It MUST NOT contain any non-ASCII characters”, but it should also warrantthat it doesn’t contain “..” or “/”. . .
1.2 Client
ACME client API.
class acme.client.ClientBase(directory, net, acme_version)Bases: object
ACME client base object.
Variables
• directory (messages.Directory) –
• net (ClientNetwork) – Client network.
1.2. Client 9
acme-python Documentation, Release 0
• acme_version (int) – ACME protocol version. 1 or 2.
_post(*args, **kwargs)Wrapper around self.net.post that adds the acme_version.
update_registration(regr, update=None)Update registration.
Parameters
• regr (messages.RegistrationResource) – Registration Resource.
• update (messages.Registration) – Updated body of the resource. If not pro-vided, body will be taken from regr.
Returns Updated Registration Resource.
Return type RegistrationResource
deactivate_registration(regr)Deactivate registration.
Parameters regr (messages.RegistrationResource) – The Registration Resource tobe deactivated.
Returns The Registration resource that was deactivated.
Return type RegistrationResource
answer_challenge(challb, response)Answer challenge.
Parameters
• challb (ChallengeBody) – Challenge Resource body.
• response (challenges.ChallengeResponse) – Corresponding Challenge re-sponse
Returns Challenge Resource with updated body.
Return type ChallengeResource
Raises UnexpectedUpdate –
classmethod retry_after(response, default)Compute next poll time based on response Retry-After header.
Handles integers and various datestring formats per https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.37
Parameters
• response (requests.Response) – Response from poll.
• default (int) – Default value (in seconds), used when Retry-After header is notpresent or invalid.
Returns Time point when next poll should be performed.
Return type datetime.datetime
_revoke(cert, rsn, url)Revoke certificate.
Parameters
10 Chapter 1. API Documentation
acme-python Documentation, Release 0
• cert (ComparableX509) – OpenSSL.crypto.X509 wrapped inComparableX509
• rsn (int) – Reason code for certificate revocation.
• url (str) – ACME URL to post to
Raises ClientError – If revocation is unsuccessful.
class acme.client.Client(directory, key, alg=RS256, verify_ssl=True, net=None)Bases: acme.client.ClientBase
ACME client for a v1 API.
Todo: Clean up raised error types hierarchy, document, and handle (wrap) instances ofDeserializationError raised in from_json().
Variables
• directory (messages.Directory) –
• key – josepy.JWK (private)
• alg – josepy.JWASignature
• verify_ssl (bool) – Verify SSL certificates?
• net (ClientNetwork) – Client network. Useful for testing. If not supplied, it will beinitialized using key, alg and verify_ssl.
register(new_reg=None)Register.
Parameters new_reg (NewRegistration) –
Returns Registration Resource.
Return type RegistrationResource
query_registration(regr)Query server about registration.
Parameters messages.RegistrationResource – Existing Registration Resource.
agree_to_tos(regr)Agree to the terms-of-service.
Agree to the terms-of-service in a Registration Resource.
Parameters regr (RegistrationResource) – Registration Resource.
Returns Updated Registration Resource.
Return type RegistrationResource
request_challenges(identifier, new_authzr_uri=None)Request challenges.
Parameters
• identifier (messages.Identifier) – Identifier to be challenged.
• new_authzr_uri (str) – Deprecated. Do not use.
Returns Authorization Resource.
1.2. Client 11
acme-python Documentation, Release 0
Return type AuthorizationResource
Raises errors.WildcardUnsupportedError – if a wildcard is requested
request_domain_challenges(domain, new_authzr_uri=None)Request challenges for domain names.
This is simply a convenience function that wraps around request_challenges, but works with do-main names instead of generic identifiers. See request_challenges for more documentation.
Parameters
• domain (str) – Domain name to be challenged.
• new_authzr_uri (str) – Deprecated. Do not use.
Returns Authorization Resource.
Return type AuthorizationResource
Raises errors.WildcardUnsupportedError – if a wildcard is requested
request_issuance(csr, authzrs)Request issuance.
Parameters
• csr (OpenSSL.crypto.X509Req wrapped in ComparableX509) – CSR
• authzrs – list of AuthorizationResource
Returns Issued certificate
Return type messages.CertificateResource
poll(authzr)Poll Authorization Resource for status.
Parameters authzr (AuthorizationResource) – Authorization Resource
Returns Updated Authorization Resource and HTTP response.
Return type (AuthorizationResource, requests.Response)
poll_and_request_issuance(csr, authzrs, mintime=5, max_attempts=10)Poll and request issuance.
This function polls all provided Authorization Resource URIs until all challenges are valid, respectingRetry-After HTTP headers, and then calls request_issuance.
Parameters
• csr (ComparableX509) – CSR (OpenSSL.crypto.X509Req wrapped inComparableX509)
• authzrs – list of AuthorizationResource
• mintime (int) – Minimum time before next attempt, used if Retry-After is notpresent in the response.
• max_attempts (int) – Maximum number of attempts (per authorization) beforePollError with non-empty waiting is raised.
Returns (cert, updated_authzrs) tuple where cert is the issued certificate(messages.CertificateResource), and updated_authzrs is a tuple consist-ing of updated Authorization Resources (AuthorizationResource) as present in theresponses from server, and in the same order as the input authzrs.
12 Chapter 1. API Documentation
acme-python Documentation, Release 0
Return type tuple
Raises PollError – in case of timeout or if some authorization was marked by the CA asinvalid
_get_cert(uri)Returns certificate from URI.
Parameters uri (str) – URI of certificate
Returns tuple of the form (response, josepy.util.ComparableX509)
Return type tuple
check_cert(certr)Check for new cert.
Parameters certr (CertificateResource) – Certificate Resource
Returns Updated Certificate Resource.
Return type CertificateResource
refresh(certr)Refresh certificate.
Parameters certr (CertificateResource) – Certificate Resource
Returns Updated Certificate Resource.
Return type CertificateResource
fetch_chain(certr, max_length=10)Fetch chain for certificate.
Parameters
• certr (CertificateResource) – Certificate Resource
• max_length (int) – Maximum allowed length of the chain. Note that each element inthe certificate requires new HTTP GET request, and the length of the chain is controlledby the ACME CA.
Raises errors.Error – if recursion exceeds max_length
Returns Certificate chain for the Certificate Resource. It is a list ordered so that the first elementis a signer of the certificate from Certificate Resource. Will be empty if cert_chain_uriis None.
Return type list of OpenSSL.crypto.X509 wrapped in ComparableX509
revoke(cert, rsn)Revoke certificate.
Parameters
• cert (ComparableX509) – OpenSSL.crypto.X509 wrapped inComparableX509
• rsn (int) – Reason code for certificate revocation.
Raises ClientError – If revocation is unsuccessful.
class acme.client.ClientV2(directory, net)Bases: acme.client.ClientBase
ACME client for a v2 API.
1.2. Client 13
acme-python Documentation, Release 0
Variables
• directory (messages.Directory) –
• net (ClientNetwork) – Client network.
new_account(new_account)Register.
Parameters new_account (NewRegistration) –
Raises ConflictError – in case the account already exists
Returns Registration Resource.
Return type RegistrationResource
query_registration(regr)Query server about registration.
Parameters messages.RegistrationResource – Existing Registration Resource.
update_registration(regr, update=None)Update registration.
Parameters
• regr (messages.RegistrationResource) – Registration Resource.
• update (messages.Registration) – Updated body of the resource. If not pro-vided, body will be taken from regr.
Returns Updated Registration Resource.
Return type RegistrationResource
new_order(csr_pem)Request a new Order object from the server.
Parameters csr_pem (str) – A CSR in PEM format.
Returns The newly created order.
Return type OrderResource
poll(authzr)Poll Authorization Resource for status.
Parameters authzr (AuthorizationResource) – Authorization Resource
Returns Updated Authorization Resource and HTTP response.
Return type (AuthorizationResource, requests.Response)
poll_and_finalize(orderr, deadline=None)Poll authorizations and finalize the order.
If no deadline is provided, this method will timeout after 90 seconds.
Parameters
• orderr (messages.OrderResource) – order to finalize
• deadline (datetime.datetime) – when to stop polling and timeout
Returns finalized order
Return type messages.OrderResource
14 Chapter 1. API Documentation
acme-python Documentation, Release 0
poll_authorizations(orderr, deadline)Poll Order Resource for status.
finalize_order(orderr, deadline)Finalize an order and obtain a certificate.
Parameters
• orderr (messages.OrderResource) – order to finalize
• deadline (datetime.datetime) – when to stop polling and timeout
Returns finalized order
Return type messages.OrderResource
revoke(cert, rsn)Revoke certificate.
Parameters
• cert (ComparableX509) – OpenSSL.crypto.X509 wrapped inComparableX509
• rsn (int) – Reason code for certificate revocation.
Raises ClientError – If revocation is unsuccessful.
external_account_required()Checks if ACME server requires External Account Binding authentication.
_post_as_get(*args, **kwargs)Send GET request using the POST-as-GET protocol if needed. The request will be first issued using POST-as-GET for ACME v2. If the ACME CA servers do not support this yet and return an error, request willbe retried using GET. For ACME v1, only GET request will be tried, as POST-as-GET is not supported.:param args: :param kwargs: :return:
class acme.client.BackwardsCompatibleClientV2(net, key, server)Bases: object
ACME client wrapper that tends towards V2-style calls, but supports V1 servers.
Note: While this class handles the majority of the differences between versions of the ACME protocol, if youneed to support an ACME server based on version 3 or older of the IETF ACME draft that uses combinationsin authorizations (or lack thereof) to signal that the client needs to complete something other than any singlechallenge in the authorization to make it valid, the user of this class needs to understand and handle thesedifferences themselves. This does not apply to either of Let’s Encrypt’s endpoints where successfully completingany challenge in an authorization will make it valid.
Variables
• acme_version (int) – 1 or 2, corresponding to the Let’s Encrypt endpoint
• client (ClientBase) – either Client or ClientV2
new_account_and_tos(regr, check_tos_cb=None)Combined register and agree_tos for V1, new_account for V2
Parameters
• regr (NewRegistration) –
1.2. Client 15
acme-python Documentation, Release 0
• check_tos_cb (callable) – callback that raises an error if the check does not work
new_order(csr_pem)Request a new Order object from the server.
If using ACMEv1, returns a dummy OrderResource with only the authorizations field filled in.
Parameters csr_pem (str) – A CSR in PEM format.
Returns The newly created order.
Return type OrderResource
Raises errors.WildcardUnsupportedError – if a wildcard domain is requested butunsupported by the ACME version
finalize_order(orderr, deadline)Finalize an order and obtain a certificate.
Parameters
• orderr (messages.OrderResource) – order to finalize
• deadline (datetime.datetime) – when to stop polling and timeout
Returns finalized order
Return type messages.OrderResource
revoke(cert, rsn)Revoke certificate.
Parameters
• cert (ComparableX509) – OpenSSL.crypto.X509 wrapped inComparableX509
• rsn (int) – Reason code for certificate revocation.
Raises ClientError – If revocation is unsuccessful.
external_account_required()Checks if the server requires an external account for ACMEv2 servers.
Always return False for ACMEv1 servers, as it doesn’t use External Account Binding.
class acme.client.ClientNetwork(key, account=None, alg=RS256, verify_ssl=True,user_agent=’acme-python’, timeout=45,source_address=None)
Bases: object
Wrapper around requests that signs POSTs for authentication.
Also adds user agent, and handles Content-Type.
REPLAY_NONCE_HEADER = 'Replay-Nonce'Initialize.
Parameters
• key (josepy.JWK) – Account private key
• account (messages.RegistrationResource) – Account object. Required ifyou are planning to use .post() with acme_version=2 for anything other than creating anew account; may be set later after registering.
• alg (josepy.JWASignature) – Algoritm to use in signing JWS.
16 Chapter 1. API Documentation
acme-python Documentation, Release 0
• verify_ssl (bool) – Whether to verify certificates on SSL connections.
• user_agent (str) – String to send as User-Agent header.
• timeout (float) – Timeout for requests.
• source_address (str or tuple(str, int)) – Optional source address tobind to when making requests.
_wrap_in_jws(obj, nonce, url, acme_version)Wrap JSONDeSerializable object in JWS.
Todo: Implement acmePath.
Parameters
• obj (josepy.JSONDeSerializable) –
• url (str) – The URL to which this object will be POSTed
• nonce (bytes) –
Return type josepy.JWS
classmethod _check_response(response, content_type=None)Check response content and its type.
Note: Checking is not strict: wrong server response Content-TypeHTTP header is ignored if responseis an expected JSON object (c.f. Boulder #56).
Parameters content_type (str) – Expected Content-Type response header. If JSON isexpected and not present in server response, this function will raise an error. Otherwise,wrong Content-Type is ignored, but logged.
Raises
• messages.Error – If server response body carries HTTP Problem (draft-ietf-appsawg-http-problem-00).
• ClientError – In case of other networking errors.
_send_request(method, url, *args, **kwargs)Send HTTP request.
Makes sure that verify_ssl is respected. Logs request and response (with headers). For allowedparameters please see requests.request.
Parameters
• method (str) – method for the new requests.Request object
• url (str) – URL for the new requests.Request object
Raises requests.exceptions.RequestException – in case of any problems
Returns HTTP Response
Return type requests.Response
1.2. Client 17
acme-python Documentation, Release 0
head(*args, **kwargs)Send HEAD request without checking the response.
Note, that _check_response is not called, as it is expected that status code other than successfully 2xxwill be returned, or messages2.Error will be raised by the server.
get(url, content_type=’application/json’, **kwargs)Send GET request and check response.
post(*args, **kwargs)POST object wrapped in JWS and check response.
If the server responded with a badNonce error, the request will be retried once.
1.3 Errors
ACME errors.
exception acme.errors.ErrorBases: exceptions.Exception
Generic ACME error.
exception acme.errors.DependencyErrorBases: acme.errors.Error
Dependency error
exception acme.errors.SchemaValidationErrorBases: josepy.errors.DeserializationError
JSON schema ACME object validation error.
exception acme.errors.ClientErrorBases: acme.errors.Error
Network error.
exception acme.errors.UnexpectedUpdateBases: acme.errors.ClientError
Unexpected update error.
exception acme.errors.NonceErrorBases: acme.errors.ClientError
Server response nonce error.
exception acme.errors.BadNonce(nonce, error, *args, **kwargs)Bases: acme.errors.NonceError
Bad nonce error.
exception acme.errors.MissingNonce(response, *args, **kwargs)Bases: acme.errors.NonceError
Missing nonce error.
According to the specification an “ACME server MUST include an Replay-Nonce header field in each successfulresponse to a POST it provides to a client (. . . )”.
Variables response (requests.Response) – HTTP Response
18 Chapter 1. API Documentation
acme-python Documentation, Release 0
exception acme.errors.PollError(exhausted, updated)Bases: acme.errors.ClientError
Generic error when polling for authorization fails.
This might be caused by either timeout (exhaustedwill be non-empty) or by some authorization being invalid.
Variables
• exhausted – Set of AuthorizationResource that didn’t finish within max allowedattempts.
• updated – Mapping from original AuthorizationResource to the most recentlyupdated one
timeoutWas the error caused by timeout?
exception acme.errors.ValidationError(failed_authzrs)Bases: acme.errors.Error
Error for authorization failures. Contains a list of authorization resources, each of which is invalid and shouldhave an error field.
exception acme.errors.TimeoutErrorBases: acme.errors.Error
Error for when polling an authorization or an order times out.
exception acme.errors.IssuanceError(error)Bases: acme.errors.Error
Error sent by the server after requesting issuance of a certificate.
exception acme.errors.ConflictError(location)Bases: acme.errors.ClientError
Error for when the server returns a 409 (Conflict) HTTP status.
In the version of ACME implemented by Boulder, this is used to find an account if you only have the privatekey, but don’t know the account URL.
Also used in V2 of the ACME client for the same purpose.
exception acme.errors.WildcardUnsupportedErrorBases: acme.errors.Error
Error for when a wildcard is requested but is unsupported by ACME CA.
1.4 Fields
ACME JSON fields.
class acme.fields.Fixed(json_name, value)Bases: josepy.json_util.Field
Fixed field.
decode(value)Decode a value, optionally with context JSON object.
encode(value)Encode a value, optionally with context JSON object.
1.4. Fields 19
acme-python Documentation, Release 0
class acme.fields.RFC3339Field(json_name, default=None, omitempty=False, decoder=None,encoder=None)
Bases: josepy.json_util.Field
RFC3339 field encoder/decoder.
Handles decoding/encoding between RFC3339 strings and aware (not naive) datetime.datetime objects(e.g. datetime.datetime.now(pytz.utc)).
classmethod default_encoder(value)Default (passthrough) encoder.
classmethod default_decoder(value)Default decoder.
Recursively deserialize into immutable types ( josepy.util.frozendict instead of dict(),tuple() instead of list()).
class acme.fields.Resource(resource_type, *args, **kwargs)Bases: josepy.json_util.Field
Resource MITM field.
decode(value)Decode a value, optionally with context JSON object.
1.5 JOSE
The acme.jose module was moved to its own package “josepy”. Please refer to its documentation there.
1.6 Messages
ACME protocol messages.
acme.messages.is_acme_error(err)Check if argument is an ACME error.
exception acme.messages.Error(**kwargs)Bases: josepy.json_util.JSONObjectWithFields, acme.errors.Error
ACME error.
https://tools.ietf.org/html/draft-ietf-appsawg-http-problem-00
Variables
• typ (unicode) –
• title (unicode) –
• detail (unicode) –
classmethod with_code(code, **kwargs)Create an Error instance with an ACME Error code.
Unicode code An ACME error code, like ‘dnssec’.
Kwargs kwargs to pass to Error.
descriptionHardcoded error description based on its type.
20 Chapter 1. API Documentation
acme-python Documentation, Release 0
Returns Description if standard ACME error or None.
Return type unicode
codeACME error code.
Basically self.typ without the ERROR_PREFIX.
Returns error code if standard ACME code or None.
Return type unicode
class acme.messages._Constant(name)Bases: josepy.interfaces.JSONDeSerializable, _abcoll.Hashable
ACME constant.
to_partial_json()Partially serialize.
Following the example, partial serialization means the following:
assert isinstance(Bar().to_partial_json()[0], Foo)assert isinstance(Bar().to_partial_json()[1], Foo)
# in particular...assert Bar().to_partial_json() != ['foo', 'foo']
Raises josepy.errors.SerializationError – in case of any serialization error.
Returns Partially serializable object.
classmethod from_json(jobj)Deserialize a decoded JSON document.
Parameters jobj – Python object, composed of only other basic data types, as decoded fromJSON document. Not necessarily dict (as decoded from “JSON object” document).
Raises josepy.errors.DeserializationError – if decoding was unsuccessful, e.g.in case of unparseable X509 certificate, or wrong padding in JOSE base64 encoded string,etc.
class acme.messages.Status(name)Bases: acme.messages._Constant
ACME “status” field.
class acme.messages.IdentifierType(name)Bases: acme.messages._Constant
ACME identifier type.
class acme.messages.Identifier(**kwargs)Bases: josepy.json_util.JSONObjectWithFields
ACME identifier.
Variables
• typ (IdentifierType) –
• value (unicode) –
1.6. Messages 21
acme-python Documentation, Release 0
class acme.messages.Directory(jobj)Bases: josepy.interfaces.JSONDeSerializable
Directory.
class Meta(**kwargs)Bases: josepy.json_util.JSONObjectWithFields
Directory Meta.
terms_of_serviceURL for the CA TOS
classmethod register(resource_body_cls)Register resource.
to_partial_json()Partially serialize.
Following the example, partial serialization means the following:
assert isinstance(Bar().to_partial_json()[0], Foo)assert isinstance(Bar().to_partial_json()[1], Foo)
# in particular...assert Bar().to_partial_json() != ['foo', 'foo']
Raises josepy.errors.SerializationError – in case of any serialization error.
Returns Partially serializable object.
classmethod from_json(jobj)Deserialize a decoded JSON document.
Parameters jobj – Python object, composed of only other basic data types, as decoded fromJSON document. Not necessarily dict (as decoded from “JSON object” document).
Raises josepy.errors.DeserializationError – if decoding was unsuccessful, e.g.in case of unparseable X509 certificate, or wrong padding in JOSE base64 encoded string,etc.
class acme.messages.Resource(**kwargs)Bases: josepy.json_util.JSONObjectWithFields
ACME Resource.
Variables body (acme.messages.ResourceBody) – Resource body.
class acme.messages.ResourceWithURI(**kwargs)Bases: acme.messages.Resource
ACME Resource with URI.
Variables uri (unicode) – Location of the resource.
class acme.messages.ResourceBody(**kwargs)Bases: josepy.json_util.JSONObjectWithFields
ACME Resource Body.
class acme.messages.ExternalAccountBindingBases: object
ACME External Account Binding
22 Chapter 1. API Documentation
acme-python Documentation, Release 0
classmethod from_data(account_public_key, kid, hmac_key, directory)Create External Account Binding Resource from contact details, kid and hmac.
class acme.messages.Registration(**kwargs)Bases: acme.messages.ResourceBody
Registration Resource Body.
Variables
• key (josepy.jwk.JWK) – Public key.
• contact (tuple) – Contact information following ACME spec, tuple of unicode.
• agreement (unicode) –
classmethod from_data(phone=None, email=None, external_account_binding=None,**kwargs)
Create registration resource from contact details.
phonesAll phones found in the contact field.
emailsAll emails found in the contact field.
class acme.messages.NewRegistration(**kwargs)Bases: acme.messages.Registration
New registration.
class acme.messages.UpdateRegistration(**kwargs)Bases: acme.messages.Registration
Update registration.
class acme.messages.RegistrationResource(**kwargs)Bases: acme.messages.ResourceWithURI
Registration Resource.
Variables
• body (acme.messages.Registration) –
• new_authzr_uri (unicode) – Deprecated. Do not use.
• terms_of_service (unicode) – URL for the CA TOS.
class acme.messages.ChallengeBody(**kwargs)Bases: acme.messages.ResourceBody
Challenge Resource Body.
Todo: Confusingly, this has a similar name to challenges.Challenge, as well as achallenges.AnnotatedChallenge. Please use names such as challb to distinguish instances of this class fromachall.
Variables
• acme.challenges.Challenge – Wrapped challenge. Conveniently, all challengefields are proxied, i.e. you can call challb.x to get challb.chall.x contents.
• status (acme.messages.Status) –
1.6. Messages 23
acme-python Documentation, Release 0
• validated (datetime.datetime) –
• error (messages.Error) –
encode(name)Encode a single field.
Parameters name (str) – Name of the field to be encoded.
Raises
• errors.SerializationError – if field cannot be serialized
• errors.Error – if field could not be found
to_partial_json()Partially serialize.
Following the example, partial serialization means the following:
assert isinstance(Bar().to_partial_json()[0], Foo)assert isinstance(Bar().to_partial_json()[1], Foo)
# in particular...assert Bar().to_partial_json() != ['foo', 'foo']
Raises josepy.errors.SerializationError – in case of any serialization error.
Returns Partially serializable object.
classmethod fields_from_json(jobj)Deserialize fields from JSON.
uriThe URL of this challenge.
class acme.messages.ChallengeResource(**kwargs)Bases: acme.messages.Resource
Challenge Resource.
Variables
• body (acme.messages.ChallengeBody) –
• authzr_uri (unicode) – URI found in the ‘up’ Link header.
uriThe URL of the challenge body.
class acme.messages.Authorization(**kwargs)Bases: acme.messages.ResourceBody
Authorization Resource Body.
Variables
• identifier (acme.messages.Identifier) –
• challenges (list) – list of ChallengeBody
• combinations (tuple) – Challenge combinations (tuple of tuple of int, as op-posed to list of list from the spec).
• status (acme.messages.Status) –
24 Chapter 1. API Documentation
acme-python Documentation, Release 0
• expires (datetime.datetime) –
resolved_combinationsCombinations with challenges instead of indices.
class acme.messages.NewAuthorization(**kwargs)Bases: acme.messages.Authorization
New authorization.
class acme.messages.AuthorizationResource(**kwargs)Bases: acme.messages.ResourceWithURI
Authorization Resource.
Variables
• body (acme.messages.Authorization) –
• new_cert_uri (unicode) – Deprecated. Do not use.
class acme.messages.CertificateRequest(**kwargs)Bases: josepy.json_util.JSONObjectWithFields
ACME new-cert request.
Variables csr (josepy.util.ComparableX509) – OpenSSL.crypto.X509Reqwrapped in ComparableX509
class acme.messages.CertificateResource(**kwargs)Bases: acme.messages.ResourceWithURI
Certificate Resource.
Variables
• body (josepy.util.ComparableX509) – OpenSSL.crypto.X509 wrapped inComparableX509
• cert_chain_uri (unicode) – URI found in the ‘up’ Link header
• authzrs (tuple) – tuple of AuthorizationResource.
class acme.messages.Revocation(**kwargs)Bases: josepy.json_util.JSONObjectWithFields
Revocation message.
Variables certificate (ComparableX509) – OpenSSL.crypto.X509 wrapped inComparableX509
class acme.messages.Order(**kwargs)Bases: acme.messages.ResourceBody
Order Resource Body.
Variables
• of .Identifier (list) – List of identifiers for the certificate.
• status (acme.messages.Status) –
• of str authorizations (list) – URLs of authorizations.
• certificate (str) – URL to download certificate as a fullchain PEM.
• finalize (str) – URL to POST to to request issuance once all authorizations have“valid” status.
1.6. Messages 25
acme-python Documentation, Release 0
• expires (datetime.datetime) – When the order expires.
• error (Error) – Any error that occurred during finalization, if applicable.
class acme.messages.OrderResource(**kwargs)Bases: acme.messages.ResourceWithURI
Order Resource.
Variables
• body (acme.messages.Order) –
• csr_pem (str) – The CSR this Order will be finalized with.
• of acme.messages.AuthorizationResource authorizations (list) –Fully-fetched AuthorizationResource objects.
• fullchain_pem (str) – The fetched contents of the certificate URL produced once theorder was finalized, if it’s present.
class acme.messages.NewOrder(**kwargs)Bases: acme.messages.Order
New order.
1.7 Standalone
Internal class delegating to a module, and displaying warnings when attributes related to TLS-SNI-01 are accessed.
class acme.standalone.ACMEServerMixinACME server common settings mixin.
class acme.standalone.BaseDualNetworkedServers(ServerClass, server_address, *remain-ing_args, **kwargs)
Bases: object
Base class for a pair of IPv6 and IPv4 servers that tries to do everything it’s asked for both servers, but wherefailures in one server don’t affect the other.
If two servers are instantiated, they will serve on the same port.
serve_forever()Wraps socketserver.TCPServer.serve_forever
getsocknames()Wraps socketserver.TCPServer.socket.getsockname
shutdown_and_server_close()Wraps socketserver.TCPServer.shutdown, socketserver.TCPServer.server_close, and thread-ing.Thread.join
class acme.standalone.BaseRequestHandlerWithLogging(request, client_address, server)Bases: SocketServer.BaseRequestHandler
BaseRequestHandler with logging.
log_message(format, *args)Log arbitrary message.
handle()Handle request.
26 Chapter 1. API Documentation
acme-python Documentation, Release 0
class acme.standalone.HTTP01DualNetworkedServers(*args, **kwargs)Bases: acme.standalone.BaseDualNetworkedServers
HTTP01Server Wrapper. Tries everything for both. Failures for one don’t affect the other.
class acme.standalone.HTTP01RequestHandler(*args, **kwargs)Bases: BaseHTTPServer.BaseHTTPRequestHandler
HTTP01 challenge handler.
Adheres to the stdlib’s socketserver.BaseRequestHandler interface.
Variables simple_http_resources (set) – A set of HTTP01Resource objects. TODO:better name?
class HTTP01Resource(chall, response, validation)Bases: tuple
_asdict()Return a new OrderedDict which maps field names to their values
classmethod _make(iterable, new=<built-in method __new__ of type object>, len=<built-infunction len>)
Make a new HTTP01Resource object from a sequence or iterable
_replace(**kwds)Return a new HTTP01Resource object replacing specified fields with new values
challAlias for field number 0
responseAlias for field number 1
validationAlias for field number 2
log_message(format, *args)Log arbitrary message.
handle()Handle request.
handle_index()Handle index page.
handle_404()Handler 404 Not Found errors.
handle_simple_http_resource()Handle HTTP01 provisioned resources.
classmethod partial_init(simple_http_resources)Partially initialize this handler.
This is useful because socketserver.BaseServer takes uninitialized handler and initializes it withthe current request.
class acme.standalone.HTTP01Server(server_address, resources, ipv6=False)Bases: acme.standalone.HTTPServer, acme.standalone.ACMEServerMixin
HTTP01 Server.
class acme.standalone.HTTPServer(*args, **kwargs)Bases: BaseHTTPServer.HTTPServer
1.7. Standalone 27
acme-python Documentation, Release 0
Generic HTTP Server.
class acme.standalone.TLSSNI01DualNetworkedServers(*args, **kwargs)Bases: acme.standalone.BaseDualNetworkedServers
TLSSNI01Server Wrapper. Tries everything for both. Failures for one don’t affect the other.
class acme.standalone.TLSSNI01Server(server_address, certs, ipv6=False)Bases: acme.standalone.TLSServer, acme.standalone.ACMEServerMixin
TLSSNI01 Server.
class acme.standalone.TLSServer(*args, **kwargs)Bases: SocketServer.TCPServer
Generic TLS Server.
acme.standalone.simple_tls_sni_01_server(cli_args, forever=True)Run simple standalone TLSSNI01 server.
ACME protocol implementation.
This module is an implementation of the ACME protocol.
class acme._TLSSNI01DeprecationModule(module)Bases: object
Internal class delegating to a module, and displaying warnings when attributes related to TLS-SNI-01 are ac-cessed.
28 Chapter 1. API Documentation
CHAPTER 2
Indices and tables
• genindex
• modindex
• search
29
acme-python Documentation, Release 0
30 Chapter 2. Indices and tables
Python Module Index
aacme, 28acme.challenges, 3acme.client, 9acme.errors, 18acme.fields, 19acme.messages, 20acme.standalone, 26
31
acme-python Documentation, Release 0
32 Python Module Index
Index
Symbols_Constant (class in acme.messages), 21_TLSSNI01DeprecationModule (class in acme),
28_TokenChallenge (class in acme.challenges), 9_asdict() (acme.standalone.HTTP01RequestHandler.HTTP01Resource
method), 27_check_response() (acme.client.ClientNetwork
class method), 17_get_cert() (acme.client.Client method), 13_make() (acme.standalone.HTTP01RequestHandler.HTTP01Resource
class method), 27_post() (acme.client.ClientBase method), 10_post_as_get() (acme.client.ClientV2 method), 15_replace() (acme.standalone.HTTP01RequestHandler.HTTP01Resource
method), 27_revoke() (acme.client.ClientBase method), 10_send_request() (acme.client.ClientNetwork
method), 17_wrap_in_jws() (acme.client.ClientNetwork
method), 17
Aacme (module), 28acme.challenges (module), 3acme.client (module), 9acme.errors (module), 18acme.fields (module), 19acme.messages (module), 20acme.standalone (module), 26ACMEServerMixin (class in acme.standalone), 26agree_to_tos() (acme.client.Client method), 11answer_challenge() (acme.client.ClientBase
method), 10Authorization (class in acme.messages), 24AuthorizationResource (class in acme.messages),
25
BBackwardsCompatibleClientV2 (class in
acme.client), 15BadNonce, 18BaseDualNetworkedServers (class in
acme.standalone), 26BaseRequestHandlerWithLogging (class in
acme.standalone), 26
CCertificateRequest (class in acme.messages), 25CertificateResource (class in acme.messages), 25chall (acme.standalone.HTTP01RequestHandler.HTTP01Resource
attribute), 27Challenge (class in acme.challenges), 3ChallengeBody (class in acme.messages), 23ChallengeResource (class in acme.messages), 24ChallengeResponse (class in acme.challenges), 3check_cert() (acme.client.Client method), 13check_validation() (acme.challenges.DNS
method), 4check_validation()
(acme.challenges.DNSResponse method),5
Client (class in acme.client), 11ClientBase (class in acme.client), 9ClientError, 18ClientNetwork (class in acme.client), 16ClientV2 (class in acme.client), 13code (acme.messages.Error attribute), 21ConflictError, 19
Ddeactivate_registration()
(acme.client.ClientBase method), 10decode() (acme.fields.Fixed method), 19decode() (acme.fields.Resource method), 20default_decoder() (acme.fields.RFC3339Field
class method), 20default_encoder() (acme.fields.RFC3339Field
class method), 20DependencyError, 18
33
acme-python Documentation, Release 0
description (acme.messages.Error attribute), 20Directory (class in acme.messages), 21Directory.Meta (class in acme.messages), 22DNS (class in acme.challenges), 3DNS01 (class in acme.challenges), 4DNS01Response (class in acme.challenges), 4DNSResponse (class in acme.challenges), 5DOMAIN_SUFFIX (acme.challenges.TLSSNI01Response
attribute), 8
Eemails (acme.messages.Registration attribute), 23encode() (acme.fields.Fixed method), 19encode() (acme.messages.ChallengeBody method), 24Error, 18, 20external_account_required()
(acme.client.BackwardsCompatibleClientV2method), 16
external_account_required()(acme.client.ClientV2 method), 15
ExternalAccountBinding (class inacme.messages), 22
Ffetch_chain() (acme.client.Client method), 13fields_from_json()
(acme.messages.ChallengeBody class method),24
finalize_order() (acme.client.BackwardsCompatibleClientV2method), 16
finalize_order() (acme.client.ClientV2 method),15
Fixed (class in acme.fields), 19from_data() (acme.messages.ExternalAccountBinding
class method), 22from_data() (acme.messages.Registration class
method), 23from_json() (acme.challenges.Challenge class
method), 3from_json() (acme.challenges.UnrecognizedChallenge
class method), 9from_json() (acme.messages._Constant class
method), 21from_json() (acme.messages.Directory class
method), 22
Ggen_cert() (acme.challenges.TLSSNI01Response
method), 8gen_response() (acme.challenges.DNS method), 4gen_validation() (acme.challenges.DNS method),
3get() (acme.client.ClientNetwork method), 18
getsocknames() (acme.standalone.BaseDualNetworkedServersmethod), 26
good_token (acme.challenges._TokenChallenge at-tribute), 9
Hhandle() (acme.standalone.BaseRequestHandlerWithLogging
method), 26handle() (acme.standalone.HTTP01RequestHandler
method), 27handle_404() (acme.standalone.HTTP01RequestHandler
method), 27handle_index() (acme.standalone.HTTP01RequestHandler
method), 27handle_simple_http_resource()
(acme.standalone.HTTP01RequestHandlermethod), 27
head() (acme.client.ClientNetwork method), 17HTTP01 (class in acme.challenges), 5HTTP01DualNetworkedServers (class in
acme.standalone), 26HTTP01RequestHandler (class in
acme.standalone), 27HTTP01RequestHandler.HTTP01Resource
(class in acme.standalone), 27HTTP01Response (class in acme.challenges), 5HTTP01Server (class in acme.standalone), 27HTTPServer (class in acme.standalone), 27
IIdentifier (class in acme.messages), 21IdentifierType (class in acme.messages), 21is_acme_error() (in module acme.messages), 20IssuanceError, 19
Kkey_authorization()
(acme.challenges.KeyAuthorizationChallengemethod), 6
KeyAuthorizationChallenge (class inacme.challenges), 6
KeyAuthorizationChallengeResponse (classin acme.challenges), 6
LLABEL (acme.challenges.DNS attribute), 3LABEL (acme.challenges.DNS01 attribute), 4log_message() (acme.standalone.BaseRequestHandlerWithLogging
method), 26log_message() (acme.standalone.HTTP01RequestHandler
method), 27
MMissingNonce, 18
34 Index
acme-python Documentation, Release 0
Nnew_account() (acme.client.ClientV2 method), 14new_account_and_tos()
(acme.client.BackwardsCompatibleClientV2method), 15
new_order() (acme.client.BackwardsCompatibleClientV2method), 16
new_order() (acme.client.ClientV2 method), 14NewAuthorization (class in acme.messages), 25NewOrder (class in acme.messages), 26NewRegistration (class in acme.messages), 23NonceError, 18
OOrder (class in acme.messages), 25OrderResource (class in acme.messages), 26
Ppartial_init() (acme.standalone.HTTP01RequestHandler
class method), 27path (acme.challenges.HTTP01 attribute), 5phones (acme.messages.Registration attribute), 23poll() (acme.client.Client method), 12poll() (acme.client.ClientV2 method), 14poll_and_finalize() (acme.client.ClientV2
method), 14poll_and_request_issuance()
(acme.client.Client method), 12poll_authorizations() (acme.client.ClientV2
method), 14PollError, 18PORT (acme.challenges.HTTP01Response attribute), 5PORT (acme.challenges.TLSSNI01Response attribute), 8post() (acme.client.ClientNetwork method), 18probe_cert() (acme.challenges.TLSSNI01Response
method), 8
Qquery_registration() (acme.client.Client
method), 11query_registration() (acme.client.ClientV2
method), 14
Rrefresh() (acme.client.Client method), 13register() (acme.client.Client method), 11register() (acme.messages.Directory class method),
22Registration (class in acme.messages), 23RegistrationResource (class in acme.messages),
23REPLAY_NONCE_HEADER (acme.client.ClientNetwork
attribute), 16
request_challenges() (acme.client.Clientmethod), 11
request_domain_challenges()(acme.client.Client method), 12
request_issuance() (acme.client.Client method),12
resolved_combinations(acme.messages.Authorization attribute),25
Resource (class in acme.fields), 20Resource (class in acme.messages), 22ResourceBody (class in acme.messages), 22ResourceWithURI (class in acme.messages), 22response (acme.standalone.HTTP01RequestHandler.HTTP01Resource
attribute), 27response() (acme.challenges.KeyAuthorizationChallenge
method), 6response_and_validation()
(acme.challenges.KeyAuthorizationChallengemethod), 6
response_cls (acme.challenges.DNS01 attribute), 4response_cls (acme.challenges.HTTP01 attribute), 5response_cls (acme.challenges.TLSALPN01 at-
tribute), 7response_cls (acme.challenges.TLSSNI01 attribute),
7retry_after() (acme.client.ClientBase class
method), 10Revocation (class in acme.messages), 25revoke() (acme.client.BackwardsCompatibleClientV2
method), 16revoke() (acme.client.Client method), 13revoke() (acme.client.ClientV2 method), 15RFC3339Field (class in acme.fields), 19
SSchemaValidationError, 18serve_forever() (acme.standalone.BaseDualNetworkedServers
method), 26shutdown_and_server_close()
(acme.standalone.BaseDualNetworkedServersmethod), 26
simple_tls_sni_01_server() (in moduleacme.standalone), 28
simple_verify() (acme.challenges.DNS01Responsemethod), 4
simple_verify() (acme.challenges.HTTP01Responsemethod), 5
simple_verify() (acme.challenges.TLSSNI01Responsemethod), 8
Status (class in acme.messages), 21
Tterms_of_service (acme.messages.Directory.Meta
Index 35
acme-python Documentation, Release 0
attribute), 22timeout (acme.errors.PollError attribute), 19TimeoutError, 19TLSALPN01 (class in acme.challenges), 7TLSALPN01Response (class in acme.challenges), 7TLSServer (class in acme.standalone), 28TLSSNI01 (class in acme.challenges), 7TLSSNI01DualNetworkedServers (class in
acme.standalone), 28TLSSNI01Response (class in acme.challenges), 7TLSSNI01Server (class in acme.standalone), 28to_partial_json()
(acme.challenges.KeyAuthorizationChallengeResponsemethod), 7
to_partial_json()(acme.challenges.UnrecognizedChallengemethod), 9
to_partial_json() (acme.messages._Constantmethod), 21
to_partial_json()(acme.messages.ChallengeBody method),24
to_partial_json() (acme.messages.Directorymethod), 22
TOKEN_SIZE (acme.challenges._TokenChallenge at-tribute), 9
UUnexpectedUpdate, 18UnrecognizedChallenge (class in
acme.challenges), 9update_registration() (acme.client.ClientBase
method), 10update_registration() (acme.client.ClientV2
method), 14UpdateRegistration (class in acme.messages), 23uri (acme.messages.ChallengeBody attribute), 24uri (acme.messages.ChallengeResource attribute), 24uri() (acme.challenges.HTTP01 method), 5URI_ROOT_PATH (acme.challenges.HTTP01 attribute),
5
Vvalidation (acme.standalone.HTTP01RequestHandler.HTTP01Resource
attribute), 27validation() (acme.challenges.DNS01 method), 4validation() (acme.challenges.HTTP01 method), 5validation() (acme.challenges.KeyAuthorizationChallenge
method), 6validation() (acme.challenges.TLSALPN01
method), 7validation() (acme.challenges.TLSSNI01 method),
7
validation_domain_name()(acme.challenges.DNS method), 4
validation_domain_name()(acme.challenges.DNS01 method), 4
ValidationError, 19verify() (acme.challenges.KeyAuthorizationChallengeResponse
method), 7verify_cert() (acme.challenges.TLSSNI01Response
method), 8
WWHITESPACE_CUTSET
(acme.challenges.HTTP01Response attribute),5
WildcardUnsupportedError, 19with_code() (acme.messages.Error class method), 20
Zz (acme.challenges.TLSSNI01Response attribute), 8z_domain (acme.challenges.TLSSNI01Response
attribute), 8
36 Index